A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:security@eon.com
Expires: 2026-06-30T23:59:00.000Z
Encryption: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xf6f9fb4d40f95f470d9cebfc477ba6dcfd27aece
Preferred-Languages: en, de
Canonical: https://www.eon.com/.well-known/security.txt

-----BEGIN PGP SIGNATURE----- 
iQIzBAEBCAAdFiEE9vn7TUD5X0cNnOv8R3um3P0nrs4FAmf/WNoACgkQR3um3P0n
rs6BuxAAjMWWMy75T3Ks+Rvb3t6qj9bLZsrAo6bZXozuqBqbEVljiCAd5wkIT+15
LdKs7OsbC+m12bQDfuiXeZeFprHzvlsf4K03UJ/TtUF0sc0gPLJPoEoXDnpHFIUX
c8x7zIG8oEnumpSnELUCUbl0twdbQrjjVtyYe5ysoaclC2c8KdmNNoH3zneTGc9O
uV2xinkQYH28Cy+FufLQzCqIr5QlVIqCmSDK1WWYZ78d3DQ/48QCzQuanby3HH2Q
k4CX+aifXBz5xfwsDQirLPRYK2hjwa0o927kFl8jSf5VaN/Ccw79KJPUeV2Y+VkR
EV5D/kdQnkAunQx4GJVOyQgj1Ejv0eFJQTjLQeK1eucVOdPwDNy1bBqwS24HRbFN
hEjmcPuDgQjF7lE3om9xW4XLAFUF+oYZlQE/VjlGj8Y9vT7qL1ZlUT4Ve9tu7Wco
pGfpV9TopXbqiv80AY713St5qVmYyorCFksXY2pSPF2oeBq957QBSPc2uA++TKy2
NJ0A+fGzpKA/3tRm/BDXrgW665F7NPD8thzI5msX+ERp9/uokTND9IFjEGZzVuMl
TW0z/4oU8XD54MX0QzixZX7OwHTdVyKiKQb6hZFVFYauw5G1EpdiP0IJwxQlCjD7
9EP2ri+Kg0rQO+szsdnd7JzflYUf1pyJgXX4FQw+W+8yMuzHrbE=
=patB
-----END PGP SIGNATURE-----